Skip to content

How To Speak HTTP To .htaccess Login

The raw HTTP to access a directory that is protected with .htaccess:

Authorization: BASIC <base64encoded_user_pass>

Where base64encoded_user_pass is a base64 encoded string from a string "username:password". With imaginative username my_username and password my_password, i.e. "my_username:my_password", the result is

Authorization: BASIC bXlfdXNlcm5hbWU6bXlfcGFzc3dvcmQ=

(You may want to use some online tools, like opinionatedgeek's Base 64 Encoder.)

And, for instance, when using PHP and fsockopen, it amounts to something like this:

$fp = fsockopen($protocol . '://' . $host, $port);

if ($method == 'GET') {
$path .= '?' . $data;
}

fputs($fp, "$method $path HTTP/1.1\r\n");

fputs($fp, "Host: $host\r\n");

fputs($fp, "Authorization: BASIC ".$authorization."\r\n");

fputs($fp, "Content-type: application/x-www-form-urlencoded\r\n");

fputs($fp, "Content-length: " . strlen($data) . "\r\n");

fputs($fp, "Connection: close\r\n\r\n");

Hope it's of some use. Took me a while to figure it out.